nicole@flourish-acupuncture.co.uk

07920 053002

Privacy Policy

Flourish Acupuncture

At Flourish Acupuncture, we are committed to protecting your privacy and keeping your personal information safe and secure.

This Privacy Policy explains:

  • what information we collect;
  • how we use it;
  • how it is stored;
  • your rights regarding your personal information.

Please read this policy carefully and contact us if you have any questions.

Who We Are

Flourish Acupuncture is the data controller responsible for your personal information.

For the purposes of UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Flourish Acupuncture determines how and why your personal data is processed.

What Information We Collect

When you contact us, book appointments, complete forms, or receive treatment, we may collect and process personal information including:

  • name
  • address
  • date of birth
  • telephone number
  • email address
  • emergency contact details
  • GP details
  • medical history
  • treatment notes
  • medications
  • health questionnaires and consent forms
  • appointment history
  • payment and invoice information

Some of this information constitutes “special category” health data under UK GDPR.

How We Use Your Information

We use your information to:

  • provide safe and appropriate acupuncture treatment;
  • maintain clinical records;
  • manage appointments and communicate with you;
  • process payments and invoices;
  • comply with professional, insurance, and legal obligations;
  • improve our services and website;
  • send marketing communications where you have provided consent.

We only collect information that is relevant and necessary for the services we provide.

Legal Basis for Processing

We process personal data:

  • to fulfil our contract with you for treatment and appointment administration;
  • to comply with legal and professional obligations;
  • for our legitimate interests in operating and improving our services.

We process special category health data under Article 9(2)(h) UK GDPR for the provision of healthcare and health management.

Where consent is relied upon (such as marketing communications or photography consent), you may withdraw this consent at any time.

Confidentiality

Your medical and treatment information is treated as confidential and stored securely.

Information will not normally be shared without your consent unless:

  • required by law;
  • necessary for safeguarding purposes;
  • necessary to protect life or prevent serious harm.

If you are referred by another healthcare professional, treatment summaries may be shared only with your consent unless otherwise required by law.

How Your Information Is Stored

Your information is stored securely using GDPR-compliant electronic systems and, where necessary, secure paper records.

Data may be stored:

  • within the United Kingdom; or
  • by trusted service providers with appropriate UK GDPR safeguards in place.

We take reasonable steps to protect your information from unauthorised access, loss, misuse, disclosure, or alteration.

How Long We Keep Your Information

Clinical records relating to adult patients are retained for a minimum of 8 years after your last appointment in accordance with professional, insurance, and legal obligations.

Records relating to children are retained until age 25 (or age 26 if treatment ended at age 17).

Financial records may be retained for longer where legally required.

Marketing preferences are retained until consent is withdrawn.

When information is no longer required, it will be securely deleted or destroyed.

Sharing Your Information

We respect your privacy and do not sell your personal information to third parties.

Your information may occasionally be shared with trusted third parties where necessary for:

  • appointment management systems;
  • payment processing;
  • professional or clinical administration;
  • legal, regulatory, safeguarding, or insurance purposes.

We only share the minimum information necessary and ensure that appropriate confidentiality and data protection measures are in place.

Marketing Communications

We only send marketing communications where you have actively opted in to receive them.

You may withdraw your consent or unsubscribe at any time by:

  • clicking the unsubscribe link in emails;
  • contacting us directly.

Your treatment will never be affected if you choose not to receive marketing communications.

Photography and Media Consent

Where you separately consent to photographs or videos being taken for educational or marketing purposes, these will only be used in accordance with the consent you provide.

You may withdraw consent at any time.

We will never intentionally use identifiable images without your explicit permission.

Your Rights

Under UK GDPR, you have the right to:

  • request access to the personal information we hold about you;
  • request correction of inaccurate or incomplete information;
  • request erasure of your information in certain circumstances;
  • request restriction of processing;
  • object to certain processing activities;
  • request transfer of your data to another provider where applicable;
  • withdraw consent where processing is based on consent.

Requests should be made in writing.

We may request proof of identity before disclosing information.

We aim to respond within one month of receiving a valid request.

Please note that certain healthcare, insurance, or legal obligations may require us to retain some records even where deletion is requested.

Cookies

Our website uses cookies and similar technologies to help the site function properly, understand website usage, and improve user experience.

Where required, you will be asked to consent to non-essential cookies via our cookie banner.

You can control or disable cookies through your browser settings.

We may use analytics services such as Google Analytics to help us understand how visitors use the website. These services collect anonymised usage information and do not identify individual users.

For more information about cookies, visit:

All About Cookies

Links to Other Websites

Our website may contain links to third-party websites for your convenience or information.

Once you leave our website, this Privacy Policy no longer applies. We are not responsible for the privacy practices or content of external websites and recommend reviewing their own privacy policies before providing personal information.

Complaints

If you have any concerns about how your personal information is handled, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office (ICO)

Contact Details

If you have any questions about this Privacy Policy or your personal information, please contact:

Flourish Acupuncture

nicole@flourish-acupuncture.co.uk

Website: Flourish Acupuncture

You may also contact us via the contact form on the website.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, professional obligations, or clinic practices.

The most current version will always be available on the Flourish Acupuncture website.